Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/d4C7uHRUfnu4t3YZ4MBJsS--5Ek.roa
File:                     d4C7uHRUfnu4t3YZ4MBJsS--5Ek.roa (raw, json)
Hash identifier:          uO4b42mNITwUKoqfDlnVJs9D4JY64rSHwoi0yTC3Afs=
Subject key identifier:   77:80:BB:B8:74:54:7E:7B:B8:B7:76:19:E0:C0:49:B1:2F:BE:E4:49
Certificate issuer:       /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial:       0189DF34FB5984C92B830761521B3A37F9CF
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/d4C7uHRUfnu4t3YZ4MBJsS--5Ek.roa
Signing time:             Thu 10 Aug 2023 11:28:58 +0000
ROA not before:           Thu 10 Aug 2023 11:28:58 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203061
IP address blocks:        194.126.179.0/24 maxlen: 24
                          193.104.96.0/24 maxlen: 32
                          194.32.106.0/24 maxlen: 24
                          185.144.13.0/24 maxlen: 32
                          185.222.213.0/24 maxlen: 32
                          185.25.107.0/24 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:df:34:fb:59:84:c9:2b:83:07:61:52:1b:3a:37:f9:cf
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
        Validity
            Not Before: Aug 10 11:28:58 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=7780bbb874547e7bb8b77619e0c049b12fbee449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:53:bb:06:7d:85:56:43:9f:38:38:74:99:46:
                    a7:d9:a8:82:7a:74:89:66:66:40:a2:42:e5:bb:6a:
                    9e:74:aa:6f:91:14:51:ac:20:52:27:7b:de:c8:d6:
                    ab:2d:9d:06:ac:2b:bf:19:34:78:4f:9f:f7:3a:8d:
                    b0:0e:0c:25:89:45:93:a3:36:c8:30:d0:85:56:cf:
                    58:be:d5:0d:f2:f3:a5:9d:d9:13:cc:d2:10:42:d4:
                    eb:7a:0b:4a:5d:06:ae:ed:c2:12:3c:eb:ef:a4:8e:
                    db:3f:97:26:c1:c5:33:e5:e8:6b:6b:97:14:d2:9c:
                    12:d0:f9:b9:cf:15:87:49:2c:94:0c:74:90:41:bc:
                    71:7b:c4:92:a9:f3:84:1d:af:a7:9e:48:9a:4e:d8:
                    04:65:02:85:36:a6:84:c7:1e:05:db:77:21:a1:28:
                    50:b9:c6:5a:10:b7:cf:02:4a:5c:99:5e:ba:7f:f4:
                    61:e5:d6:69:2e:5b:1f:6a:96:81:d3:a9:29:ae:76:
                    fb:e6:3c:d2:22:54:ad:f2:e9:f2:0d:2e:93:07:8c:
                    9b:19:a1:a5:9d:d7:d4:87:23:c6:b1:29:f8:00:a1:
                    91:75:36:eb:67:12:79:4c:6a:dd:7f:4c:83:5e:46:
                    e7:c2:cb:e1:f7:ca:3e:53:98:8d:c9:8e:91:e6:c4:
                    92:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:80:BB:B8:74:54:7E:7B:B8:B7:76:19:E0:C0:49:B1:2F:BE:E4:49
            X509v3 Authority Key Identifier:
                keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/d4C7uHRUfnu4t3YZ4MBJsS--5Ek.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.25.107.0/24
                  185.144.13.0/24
                  185.222.213.0/24
                  193.104.96.0/24
                  194.32.106.0/24
                  194.126.179.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:70:03:cf:fc:a5:96:60:12:c8:f4:d2:06:e5:19:61:47:45:
         bc:98:d2:8a:58:fc:e3:0b:88:42:a5:07:cc:02:18:1a:bb:93:
         d2:83:ea:0d:01:dd:e6:f9:f4:50:ba:13:41:16:45:5a:5e:28:
         4f:1d:b2:25:34:86:32:ac:a8:d2:09:8d:18:bc:40:44:c2:07:
         ba:45:4b:e5:3f:6e:61:38:31:89:94:2d:98:d3:6a:90:5a:40:
         e2:e6:eb:ed:9b:da:cf:62:bb:81:92:ff:af:29:f6:4f:cb:1c:
         6f:fa:ec:86:98:d6:b6:4d:6a:95:17:1e:a4:20:0e:c5:c5:dc:
         6c:26:31:61:9b:00:7c:20:70:43:07:72:9e:35:b4:b0:77:f3:
         d6:44:2b:41:37:22:f5:18:4d:40:9a:77:f0:03:32:95:25:2e:
         90:9e:2f:2a:cf:da:28:14:7c:e3:73:1f:4e:79:65:79:78:c9:
         25:da:61:2e:fe:bb:04:c0:09:62:6a:a7:6e:25:9c:a7:e9:10:
         6b:9c:0c:5e:f3:0e:f4:64:0a:67:96:1b:e2:39:5c:90:2c:e4:
         23:f7:c9:dc:ef:3f:8e:1a:90:8f:87:2d:5a:83:aa:cb:aa:06:
         b6:f2:20:45:fe:3d:e3:bb:28:f8:5f:ca:38:51:97:9a:6f:64:
         50:4f:78:3e
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYnfNPtZhMkrgwdhUhs6N/nPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjMwODEwMTEyODU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NzgwYmJiODc0NTQ3ZTdiYjhiNzc2MTllMGMwNDliMTJmYmVlNDQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnFO7Bn2FVkOfODh0mUan2aiCenSJ
ZmZAokLlu2qedKpvkRRRrCBSJ3veyNarLZ0GrCu/GTR4T5/3Oo2wDgwliUWTozbI
MNCFVs9YvtUN8vOlndkTzNIQQtTregtKXQau7cISPOvvpI7bP5cmwcUz5ehra5cU
0pwS0Pm5zxWHSSyUDHSQQbxxe8SSqfOEHa+nnkiaTtgEZQKFNqaExx4F23choShQ
ucZaELfPAkpcmV66f/Rh5dZpLlsfapaB06kprnb75jzSIlSt8unyDS6TB4ybGaGl
ndfUhyPGsSn4AKGRdTbrZxJ5TGrdf0yDXkbnwsvh98o+U5iNyY6R5sSSvQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHeAu7h0VH57uLd2GeDASbEvvuRJMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvZDRDN3VIUlVmbnU0dDNZWjRNQkpzUy0tNUVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAuRlrAwQA
uZANAwQAud7VAwQAwWhgAwQAwiBqAwQAwn6zMA0GCSqGSIb3DQEBCwUAA4IBAQBU
cAPP/KWWYBLI9NIG5RlhR0W8mNKKWPzjC4hCpQfMAhgau5PSg+oNAd3m+fRQuhNB
FkVaXihPHbIlNIYyrKjSCY0YvEBEwge6RUvlP25hODGJlC2Y02qQWkDi5uvtm9rP
YruBkv+vKfZPyxxv+uyGmNa2TWqVFx6kIA7FxdxsJjFhmwB8IHBDB3KeNbSwd/PW
RCtBNyL1GE1AmnfwAzKVJS6Qni8qz9ooFHzjcx9OeWV5eMkl2mEu/rsEwAliaqdu
JZyn6RBrnAxe8w70ZApnlhviOVyQLOQj98nc7z+OGpCPhy1ag6rLqga28iBF/j3j
uyj4X8o4UZeab2RQT3g+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:24:49 2024 by rpki-client on console-ams.rpki-client.org